process: The security context under which an application runs. Typically, the security context is associated with a user, so all applications running under a given process take on the permissions and privileges of the owning user.
---------------------------------------------------------------------------
privilege: The right of a user to perform various system-related operations, such as shutting down the system, loading device drivers, or changing the system time. A user's access token contains a list of the privileges held by either the user or the user's groups.
---------------------------------------------------------------------------
logon identifier: An LUID that identifies a logon session. A logon ID is valid until the user logs off. A logon ID is unique while the computer is running; no other logon session will have the same logon ID. However, the set of possible logon IDs is reset when the computer starts up. To retrieve the logon ID from an access token, call the GetTokenInformation function for TokenStatistics; the logon ID is in the AuthenticationId member.
---------------------------------------------------------------------------
logon session: A logon session begins whenever a user logs on to a computer. All processes in a logon session have the same primary access token. The access token contains information about the security context of the logon session, including the user's SID, the logon identifier, and the logon SID.
---------------------------------------------------------------------------
access token: An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.
->
security identifier (SID): A structure of variable length that uniquely identifies a user or group on all Windows NT implementations.
->
impersonation token: An access token that has been created to capture the security information of a client process, allowing a server to "impersonate" the client process in security operations.
->
primary token: An access token that is typically created only by the Windows kernel. It may be assigned to a process to represent the default security information for that process.